Download > DualShield > Documents
Release Notes
DualShield Server 5.7.2, Released on 02/06/2014
New Features
- » Failthru as an authenticator and failthru policy
Improvements
- » Access Policy: support "X-Forwarded-For" proxy chain
- » SAML: added "InResponseTo" option in the SAML response
- » When creating a domain, allow token repository and image repository to be blank to use default values
- » Autocomplete="off" is set for password field
Bug Fixes
- » Failthru as OTP does not work when auth is set to "StaticPass+OTP" and "OTP+StaticPass"
- » Audit 'Login Name' field does not list incorrect username when download token on mobileID
- » Report failed with "No such property: long_col1 for class: com.deepnet.das.report.ReportData"
- » Message with empty password issent out when "Require static password" is checked on T-pass token
- » DMC web page freeze when create the Logon procedure by using Application Wizard
- » Upgrade from 5.6 to 5.7 with Microsoft SQL Server failed
- » Identity Source page appears to blank after one of the LDAP AD's password is updated.
- » Upgrade from 5.6.1.0909 to 5.7.1.1105 failed on Oracle database
- » Lockout policy doesn't count on E_RESPONSE_INCORRECT
- » DMC does not list the imported certificate authority information
- » After user's token assignment expired, the user will be able to login without using 2-factor authentication
- » SSO login using principal name look up domain failure
- » Salesforce SAML failed due to user name incorrectly filled when using principal name
- » Ldap user password expired or must change password error code is not returned, always got "credential incorrect".
- » Multiple AD password authentication attempts in one logon attempt
- » X-Forwarded-For is not handled correctly in SSO
DualShield Server 5.7, Released on 10/30/2013
New Features
- » DualFence - MFA for BYOD
- » Supports Syslog
- » Supports Google Authenticator
- » Apache Tomcat Integration
- » Scripting in RADIUS attribute and SAML SP attribute
Improvements
- » Dial Prefix
- » Application Wizard
- » TeleSign SMS & Voice Gateway
- » Active Direcotry Browsing Pagenation
- » F5 BigIP support via SAML
- » New SAML signing option: sign on assertion or/and response
- » New T-Pass policy: Available Channels
- » New Session Variable: session.usedAuthenticators
- » RADIUS attributes can be bound to RADIUS clients
- » General performance
Bug Fixes
- » Users were able to request a certificate when the certificate request policy was set as 'Deny'
- » Exporting certificate to PKCS12 file did not ask for a new password
Windows Logon 5.6.1.1015, Updated on 10/15/2013
Bug Fixes
- » When typing username into appropriate field, the product automatically tabs down to the password field
DualShield Server 5.6, Updated on 09/26/2013
Bug Fixes
- » When a biometric token is not ready, trying to use it to logon caused the user account to be locked up.
- » Resetting a TypeSense token did not work if the user had downloaded the token to client machine
Improvements
- » Added a new event: TYPESENSE_TRAINING_FINISHED
- » Added a new policy option for Time-Based OTP Token: Enable Automatic Synchronisation
Windows Logon 5.6, Updated on 09/23/2013
Bug Fixes
- » While attached to the local network by changing the domain to the local machine name then putting in their domain UPN in the username, it was possible to bypass two-factor authentication.
- » In some cases, the input focus was automatically moved to the password field while the user is entering their username
- » TypeSense policy was not synchronised with offline logon
Improvements
- » Improved message description of "E-TYPESENSE-TRAININGFAIL: 6: ks_data_parser return with error 1397752"
RADIUS Server 5.6, Updated on 09/17/2013
Bug Fixes
- » No RADIUS Access-Response on Aruba 3600 controller
Improvements
- » Allow unknown vendor-specific attribute to be empty
- » General performance
DualShield 5.6 SP6
New Features
- » Multi-selection of authenticators in RADIUS C/R
Improvements
- » Improve TOTP token out-sync handling
- » Improve TOTP auditing
- » Added new debug log options
- » System time drift detector
- » System low performance warning
- » System caches is reloaded automatically in clustering environment
- » Added X-Frame-Options to avoid clickjacking
- » Added F5 RADIUS attributes
- » RADIUS server performance
Bug Fixes
- » Upgrade from 5.3 to 5.6 got exception: "collection was not processed by flush()"
DualShield 5.6 SP5
New Features
- » 2X: Supports 2X native integration (2X Application Server v10.6)
- » RADIUS: New RADIUS client option: "Strip the realm from username at authentication"
- » RADIUS: Supports Password Change in RADIUS Challenge/Response
- » IIS Agent: IP Filter supports X-Forwarded-For
Improvements
- » Emergency Code can now be deleted
- » Windows Logon: Sometimes when starting the computer, only local computer shows up in the Domain list.
- » Outlook Anywhere: DualShield Outlook Anywhere client now supports Microsoft Outlook Client 2013
Bug Fixes
- » Windows Logon: on Windows 7, when a PC is locked, switching user and entering a wrong password will cause infinite loop.
DualShield 5.6 SP4
New Features
- » Added "Token PIN" as an Authenticator for RADIUS-based applications.
- » Supports Token PIN Change in RADIUS Challenge/Response
Improvements
- » The length of token's PIN can be varaible.
DualShield 5.6 SP3
New Features
- » Added support for OpenLDAP
Improvements
- » DAS now checks access control policy when checking radius proxy policy
- » DAS now checks system RADIUS proxy policy when user is not found.
- » DAS now checks IP access control policy when checking radius proxy policy
- » Added "concat=5" to clickatell request to avoid error "Max message parts exceeded"
- » Made Identity Attribute 'type' editable
- » Windows Logon Agent installer: change the agent registration dialog, use server address and port. Avoid the http/https mistake
- » IIS Agent: Cross application pool authentication cache. Solved download offline address book issue.
Bug Fixes
- » The second date/time slot in an access control policy is not working
- » After user changed their info in DSS, user's info in DMC becomes uncertain.
- » DMC can't generate token PIN with letters
- » "User Must change Default PIN at Next Logon" does not work on MobileID & T-pass
- » Radius Command does not trigger T-pass token auto provisioning
- » Radius Proxy does not support long length password
- » Certificate Activation Code length and character requirements does not work
- » FlashPass Device Filter 'Allowed' & 'Denied' policy do not work properly
- » No logs in audit when a cached password is used to login
- » GridGo "Change Default Path" does not work
- » Resetting event-based SafeID token caused error
- » Some search filters for User don't work (Last Change Password, DN, etc)
- » 'Send AC to user when created or assigned' does not work on Certificate Policy
- » RADIUS attribute of the type Octets does not accept alphabetic letters
- » Batch assign token will skip some tokens if the import file contains more than one kind of products.
- » DMC: In Unit info dialog, the name field is showing the parent's name
- » DMC: Does not support the XML format for importing user
- » DMC: List duplicate delivery channels by click 'Update' button on Token Activation Code Window
- » DMC: 'Save' action does not work after editing the Format and Priority on SMTP Message Template
- » DMC: Option 'Remove assigned tokens' does not work on "Delete Tokens by Product" Task
- » DMC: When complete a Certificate Request, got "Error: Parameter error: ['id' expected]"
- » DMC: Complete Certificate Request pops up an error "Parameter error id expected"
- » DMC: Some unsupported wildcards are listed in sms template
- » DMC: 'Token is not found' when manually request activation code on Certificate.
- » SSO: Got NullPointerException when no result item is in the server response
- » SSO: Q&A logon steps returns an error message
- » RADIUS Server: Password encoding algorithm is incorrect when password is longer than 16 bytes
- » Windows Logon: On Windows 8 and Windows Server 2012, the logon client's background was sometime displayed incorrectly.
DualShield 5.6
New Features
- » Support IBM Domino Directory Server
- » Support IBM Tivoli Directory Server
- » Support IBM Tivoli Access Manager WebSEAL
- » Support 2X Application Server
- » Support password authentication for LDAP users via MSCHAP2
- » New policy option: Random Default PIN
- » Windows Logon: Support AD domain suffixes
- » Windows Logon: Support Single Sign-on (Windows 2008+)
Improvements
- » Windows Logon Agent installer: Auto Registration supported
- » RADIUS Server installer: Auto Registration supported
- » Reclaim user licenses from orphaned users.
- » License key transfer
- » Upgraded to Twitter API 1.1
- » Nested user group made visible in the Management Console
- » RadiusAttribute and RadiusProfile become public objects
- » Windows Phone 8 is recognized by provisioning server
- » DMC/DSS Logout event is logged
Bug Fixes
- » Creating certificate on Linux was extremely slow.
- » Sending the next OTP (T-Pass policy) did not work if MSCHAP2 was used in RADIUS and the authenticator was StaticPass+ODP
- » Audit export failed on Linux although it reported success.
- » Cryptokey firmware upgrade did not work
- » CryptoKey firmware options lost after restarted DualShield service
- » Sending activation code caused exception "Error: Cannot get property 'options' on null object"
- » When pin was due to be changed, the GridGo credential was not checked when resetting pin
- » SafeID activation code was not sent when required by policy
- » DMC did not check a token’s email address in the Push Token function
- » Windows Logon: Access Control policy
DualShield 5.5 SP2
New Features
- » Offline tokens for Windows & Mac logon can be downloaded automatically.
Improvements
- » HTTP Proxy (of Message Gateways) did not work
- » MS-CHAP2-Success attribute in RADIUS response was not implemented correctly
- » Resetting Path for GridID generated error
- » Login to safe mode did not work in previous releases of 5.5
Bug Fixes
- » Email gateway checkboxes did not work
DualShield 5.5 SP1
New Features
- » Resetting GridGo Path in SSO
Improvements
- » New report template: "Users with Q&A Enabled"
- » New policy option "Generate Random Path for New Token" in GridGo Policy
- » New policy option "User Must Change Default Path at Next Logon" in GridGo Policy
- » New policy option "User Must Change Default PIN at Next Logon" in GridGo Policy
- » New policy option "Display Keypad" in GridGo Policy
- » Remove "Status" when assigning token to an user in DMC
- » New wildcards [[PIN]] and [[PATH]] in sending activation code template in DMC
- » New "User Must Reset Path at Next Logon" option in reset path window of DMC
- » Improve navigation by clicking grid cells of GridGo in SSO
- » Seperated PIN input field when logging on with GridGo in SSO
- » Shows a navigator when keypad is not displayed in SSO
Bug Fixes
- » Email gateway checkboxes did not work
DualShield 5.5
New Features
- » ICE Logon Procedure
- » SSO Federation
- » Multiple Communication Gateways
- » AD Password Cache for Web & Windows Logon
- » FaceSense for Web & Windows Logon
- » VoiceSense for Web Logon
- » DevicePass for Window Logon
- » Q & A for VPN Logon
Improvements
- » TFA for Outlook Anywhere vastly improved with both "Client-less" and "Client mode" options
- » AD Identity source authentication now supports User Principle Name (UPN) and Down-Level Logon Name (loginname@domainname and domainname\loginname)
- » New policy option "Maximum Number of Uses" in T-Pass
Bug Fixes
- » "Deploy Tokens" in Domain/Unit/Group caused exception
- » T-Pass did not use the channel policy option to send next OTP.
- » Setting domains of a role would clear all permits
- » Domains with identical NETBIOS name caused Cross-Realm Domain Access error
- » The TypeSense training 'reset' icon was missing from the Window logon client x64 version
- » TFA bypassed if the UPN is used and the Enter key is pressed swiftly after username and password were entered
- » TFA bypassed if the login name was changed before the previous query returned.
- » If IPv6 enabled, Windows Logon configuration was not reloaded after the Save button is clicked.
DualShield 5.4 (SP3)
Bug Fixes
- » The Audit Purge task causes exception
DualShield 5.4 (SP2)
Bug Fixes
- » Registering GridID token in Self-service console causes exception
- » Backend & Frontend installation options did not work properly
New Features
- » "Deploy Tokens" will trigger the Client Provisioning policy option
DualShield 5.4 (SP1)
New Features
- » Q&A is supported in RADIUS
DualShield 5.4
Bug Fixes
- » MSCHAP2 did not work in RC2
- » TPASS via CHAP/MSCHAP2 did not work in all previous versions
- » Typesense only logon procedure password changing did not work properly.
- » Q&A policy option maxsize and throttle was not checked
- » Changing RADIUS attribute columns width caused exception in accounting/Radius report
- » When failed to change password (via SSO), the audit showed succeeded.
DualShield 5.4 RC2
Bug Fixes
- » Windows Logon was not functional in RC1
- » SMTP TLS authentication did not work
DualShield 5.4 RC1
New Features
- » Computer device authentication: DevicePass
- » USB flash drive authentication: FlashPass
- » Certificate authentication
- » Certificate management
- » RADIUS EAP/PEAP protocol
- » RADIUS accounting
- » Outlook Anywhere integration
- » Exchange ActiveSync integration
- » MobileID for Windows Phone
Improvements
- » Approximate Matching in Q & A
- » MobileID installer supports installation for current user only without admin privileges
- » When the SMTP server doesn't require authentication, the system still works even the "require authentication" option is enabled in the SMTP server configuration
- » New "bytes" function added to support RADIUS attribute mapping from string to bytes (octets)
- » New "ReportResult" object added in role permits
- » Dictionary for Infoblox added into the RADIUS server
Bug Fixes
- » RADIUS logon: When the logon policy was set to "multi-factor is not required for all users", user could login with arbitrary password
- » Windows Logon: Token provisioning did not work properly
- » VMWare Logon: S_MFA_NOT_REQUIRED was incorrectly treated as failure
- » RADIUS server: If the value of an attribute was great than 2^31, it was treated as minus signed integer.
- » If "Valid for N minutes" was set to 0 in T-PASS policy, the code became invalid immediately.
- » When a user had no token, Q&A defined in the logon procedure was not listed
- » Role permit "Audit:view" did not work properly.
- » Using radius command ">email user" caused exception if the SMTP server cannot relay the message
- » Enhanced group membership checking to avoid looping membership
- » Batch assign token had an error in its statistics
- » Connecting a Radius proxy to Radius server caused exception "java.lang.ClassCastException"
- » Opening role list tab caused "Cannot invoke method join() on null object"
DualShield 5.3
New Features
- » Reporting
- » Application self-test
- » Default token PIN applied dynamically at runtime if it is required by the policy
- » New wildcard [PIN] in the Send OTP template
- » Reset LDAP user password via Management Console
- » RADIUS accounting port (1813) is supported
Improvements
- » The performance of AD connection is greatly improved
- » The performance of the SSO server is greatly improved
- » Login name is now case insensitive when authenticating via RADIUS/MSCHAP2
- » During Safe Mode, the management console is only accessible from local machine
- » When a user changed their static password, their TypeSense is automatically reset Li>Speed up authenticator listing at windows logon
Bug Fixes
- » Pushing a token immediately generates an activation code, causing it to be always out of sync
- » Token auto-sync did not work
- » OTP in the "Register Token" did not work
- » Assigning token from self-service would cause "access denied - token:assign" error
- » Unable to unassign a token if the associated user is deleted in Active Directory
- » MobileID got an error message 'Compulsory attributes missing' and it fails to install on java phone
- » Expiration of Emergency Code did not work properly
- » Searching LDAP users in OU did not work when the identity source's BaseDN is in different uppercase or lowercase to the LDAP server
- » MobileID token download page for iphone/android did not select the given domain by default
- » Windows logon did not reliably detect AD password expiration
DualShield 5.2
New Features
- » New Mac Logon Agent
- » New Access Control policy by IP addresses
- » New option for installing MobileID token onto iPhone and Android
- » Windows agent auto-discovery by DNS look-up
- » Windows client diagnosis tool
- » New task for changing token’s PIN
Improvements
- » RADIUS server now supports multi-character sets
- » Windows agent auto-discovery speeded up by local cache
- » RADIUS servers logs the incoming request if its IP doesn't match any radius client
Bug Fixes
- » RADIUS & VMWare View challenge response bug: sending OTP caused NULL pointer exception
- » Special characters in LADP’s Access DN were not correctly escaped
- » Searching users with some filters caused exception
- » Windows offline token synchronisation
- » Widows agent uninstaller did not remove the local token database file
Known Issues
- » The option "Bypass two-factor authentication if the DualShield Server is not contactable" in the Windows Logon Agent does not function properly.
DualShield 5.2 RC2
New Features
- » Application Wizard
Improvements
- » Audit Export
- » IIS 7 Agent now supports 64bits & 32bits mixed mode
Bug Fixes
- » MobileID push and download URL were incorrect
- » A pending or expired token assignment was incorrectly counted as an active assignment
DualShield 5.2 RC1
New Features
- » Improved installer offering frontend & backend servers installation
- » Provisioning Server can be installed as a standalone server
- » Support multiple message templates
- » New offline policy for Windows logon
- » New IP Filter for the Windows logon agent
- » New IP Filter in the general logon policy
- » New VMWare View Agent
- » Import users from a CSV file
- » Import tasks from a script file
- » Support encrypted token seed file
- » Support agent auto registration
- » Safe Mode
Improvements
- » RADIUS authentication method now changed to logon procedure, offering C&R and real-time delivery of T-Pass one-time password in a multi-step logon procedure.
- » Support Token Auto-Provisioning in RADIUS logon
- » Policy options of Challenge Code moved to product
- » Support multiple tokens of different types in a single seed file
- » Provisioning Server detects Blackberry mobile phones
- » New feature, e.g. pushing token added to the self-service console
Bug Fixes
- » The Access User for LDAP had to reside in the Base DN
- » Server OTP in MobileID two-way authentication was incorrect
- » GPRS modem did not work
- » Authenticator list in Windows Logon went beyond domains in the realm
- » PIN history could not be disabled
- » Activation Code was not disabled after the token was downloaded
- » Challenge Code was not purged after expiration
DualShield 5.1
Bug Fixes
- » Login to the management console with an LDAP user may cause Hibernate Exception
- » The default policy and token attributes for a manually created authentication product is incomplete.
- » "Challenge Sent" in audit trail logged with wrong type "FAILURE"
- » The characters (\r\n) are not escaped in audit export file
Improvements
- » Introduce two new domain attributes: "DNS Name" and "NetBios Name" in order to support multiple domains in a realm that’s assigned to a Windows Logon application.
- » Record VPN client IP address in audit trail.
DualShield 5.1 RC2
Bug Fixes
- » Access Control for Unit is effective but time period did not work properly
- » After upgrading from old versions, an old policy created by previous versions may not contain newly introduced policy options
- » When login to management console with an LDAP user, the group/unit query result may not be correct.
DualShield 5.1 RC1
New Features
- » Access Control policy
- » RADIUS authentication method: "Static Password >> Challlenge/Response"
- » Set and reset PIN in RADIUS logon by new commands: >setpin and >resetpin
- » Set and reset PIN in SSO logon
- » Export and purge audit trail
- » Support encrypted RSA SecureID seed data
- » Support VASCO DigiPass tokens
- » Support Oracle database
- » Support PostgreSQL
Improvements
- » MobileID client and token provisioning
- » PIN policy moved to product policy
- » "Require Static Password" option moved from logon procedure to T-Pass policy
- » Other minor improvements
Bug Fixes
- » SSL/HTTPS installation
- » Requesting OTP via RADIUS commands, e.g. >sms did not work
- » RADIUS attributes/profile attached to groups and units did not work
- » Sending Emergency Code by SMS results in "Communicator error"
- » RADIUS authentication "Static Password >> OTP" did not work with T-Pass
- » RADIUS authentication "Static Password >> OTP" did not work with GridID
- » Failthru authentication needs a dummy OTP token
- » Other minor bugs
Known Issues
- » Challenge & Response does not work on MobileID/iPhone
- » Challenge & Response with PIN does not work on all MobileID clients
- » Failthru as OTP does not work with "Static Password + OTP" and "OTP + Static Password"